From Collaborative RCE Tool Library

Jump to: navigation, search

Resource Editors


Tool name: PE Explorer
Rating: 5.0 (1 vote)
Author: Heaventools Software                        
Website: http://www.heaventools.com/overview.htm
Current version: 1.99 R6 (silent update)
Last updated: October 14, 2009
Direct D/L link: http://www.heaventools.com/download/pexsetup.zip
License type: Shareware
Description: PE Explorer provides powerful tools for disassembly and inspection of unknown binaries, modifying the properties of executable files and customizing and translating their resources. Use this product to do reverse engineering, analyze the procedures and libraries an executable uses.

Features include:

* Working with PE files - exe, dll, sys, drv, bpl, dpl, cpl, ocx and more.
* The ability to open a broken or packed file in Safe mode.
* Support for custom plug-ins to perform any startup processing.
* Collecting the full information contained in the file header.
* Checksum computing and modification.
* Review and editing Data Directories.
* Review of all the sections and info about their location and size.
* Review of contents of section as Raw Data - up to 16 view windows.
* Extracting and deleting sections.
* Section header recalculation.
* Section Editor to modify and repair the damaged section headers.
* Resource Editor to view and modify almost any kind of resources.
* Saving changes to disk as a new file image.
* Full info on exported and imported functions. Review of contents of the base relocation table.
* Quick Function Syntax Lookup. Syntax Description Editor.
* Source code and package information analyzer. Dependency Scanner.
* Built-in Disassembler.
* Customize GUI elements of your favorite Windows programs
* Special support for Delphi applications
* Automatic UPX and Upack unpacking

See multiple screenshots at: http://www.heaventools.com/scrshots.htm
Also listed in: Disassemblers, PE Executable Editors
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Resource Hacker (Reshacker)
Rating: 5.0 (1 vote)
Author: Angus Johnson                        
Website: http://angusj.com/resourcehacker
Current version: 3.5.2.84
Last updated: December 19, 2009
Direct D/L link: http://angusj.com/resourcehacker/reshack_setup.exe
License type: Freeware
Description: Now with PE64 support!!


Resource Hacker is a freeware utility to view, modify, rename, add, delete and extract resources in 32bit Windows executables and resource files (*.res). It incorporates an internal resource script compiler and decompiler and works on Win95, Win98, WinME, WinNT, Win2000 and WinXP operating systems.

Viewing Resources: Cursor, Icon, Bitmap, GIF, AVI, and JPG resource images can be viewed. WAV and MIDI audio resources can be played. Menus, Dialogs, MessageTables, StringTables, Accelerators, Delphi Forms, and VersionInfo resources can be viewed as decompiled resource scripts. Menus and Dialogs can also be viewed as they would appear in a running application.

Saving Resources: Resources can be saved as image files (*.ico, *.bmp etc), as script files (*.rc), as binary resource files (*.res), or as untyped binary files (*.bin).

Modifying Resources: Resources can be modified by replacing the resource with a resource located in another file (*.ico, *.bmp, *.res etc) or by using the internal resource script compiler (for menus, dialogs etc). Dialog controls can also be visually moved and/or resized by clicking and dragging the respective dialog controls prior to recompiling with the internal compiler.

Adding Resources: Resources can be added to an application by copying them from external resource files (*.res).

Deleting Resources: Most compilers add resources into applications which are never used by the application. Removing unused resources can reduce an application's size.

Known limitation:
Resource Hacker will not read 16bit (Windows 3.1) executables.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Explorer Suite
Rating: 4.4 (5 votes)
Author: Daniel Pistelli                        
Website: http://www.ntcore.com/exsuite.php
Current version: III (DC20121111)
Last updated: November 11, 2012
Direct D/L link: http://www.ntcore.com/files/ExplorerSuite.exe
License type: Free
Description: A freeware suite of tools including a PE editor called CFF Explorer and a process viewer. The PE editor has full support for PE32/64. Special fields description and modification (.NET supported), utilities, rebuilder, hex editor, import adder, signature scanner, signature manager, extension support, scripting, disassembler, dependency walker etc. First PE editor with support for .NET internal structures. Resource Editor (Windows Vista icons supported) capable of handling .NET manifest resources. The suite is available for x86, x64 and Itanium.

Features:

* Process Viewer
* Windows Viewer
* PE and Memory Dumper
* Full support for PE32/64
* Special fields description and modification (.NET supported)
* PE Utilities
* PE Rebuilder (with Realigner, IT Binder, Reloc Remover, Strong Name Signature Remover, Image Base Changer)
* View and modification of .NET internal structures
* Resource Editor (full support for Windows Vista icons)
* Support in the Resource Editor for .NET resources (dumpable as well)
* Hex Editor
* Import Adder
* PE integrity checks
* Extension support
* Visual Studio Extensions Wizard
* Powerful scripting language
* Dependency Walker
* Quick Disassembler (x86, x64)
* Name Unmangler
* Extension support
* File Scanner
* Directory Scanner
* Deep Scan method
* Recursive Scan method
* Multiple results
* Report generation
* Signatures Manager
* Signatures Updater
* Signatures Collisions Checker
* Signatures Retriever
Also listed in: .NET Executable Editors, .NET Resource Editors, .NET Signature Removers, .NET Tools, Dependency Analyzer Tools, Exe Analyzers, Executable CRC Calculators, Hex Editors, Import Editors, Memory Dumpers, PE Executable Editors, Process Dumpers, Protection Identifiers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Anolis Resourcer
Rating: 4.0 (1 vote)
Author: AnolisFX                        
Website: http://anol.is/
Current version: 0.9.0 Beta
Last updated: September 1, 2009
Direct D/L link: http://www.deviantart.com/download/116235998/Anolis_Resourcer_by_AnolisFX.zip
License type: GPL
Description: Anolis Resourcer is a flexible Resource Hacker that exceeds the venerable ResHacker's capabilities in many areas, including support for x64 executables, Vista and Windows 7's MUI files, and 256x256 PNG icon support.


On 2009-05-21 -- The release fixes a number of issues and adds a Batch Export feature which will be of use to people wanting to make custom resources for programs like Windows Media Player.

On 2009-05-26 -- This fixes a critical race condition in the 3428 build. The zip archive now contains a command-line reference text file.
Also listed in: PE EXE Signature Tools, PE Executable Editors, Unpacking Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: CodeDoctor
Rating: 0.0 (0 votes)
Author: hnedka                        
Website: N/A
Current version: 0.90
Last updated: November 12, 2009
Direct D/L link: see details
License type: freeware
Description: <nowiki>CodeDoctor is a plugin for Olly and IDA.

History:
11.11.2009 - 0.90 - initial public release

________________________________________________________________________________
Functions:

1) Deobfuscate

Select instructions in disasm window and execute this command. It will try
to clear the code from junk instructions.

Example:

Original:
00874372 57 PUSH EDI
00874373 BF 352AAF6A MOV EDI,6AAF2A35
00874378 81E7 0D152A41 AND EDI,412A150D
0087437E 81F7 01002A40 XOR EDI,402A0001
00874384 01FB ADD EBX,EDI
00874386 5F POP EDI

Deobfuscated:
00874372 83C3 04 ADD EBX,4

________________________________________________________

2) Deobfuscate - Single Step

This works like previous command, but does one transformation at a time
_______________________________________________________

3) Move NOPs to bottom

Converts this:

00874396 50 PUSH EAX
00874397 90 NOP
00874398 90 NOP
00874399 52 PUSH EDX
0087439A BA 3F976B00 MOV EDX,somesoft.006B973F


to this:

00874396 50 PUSH EAX
00874397 52 PUSH EDX
00874398 BA 3F976B00 MOV EDX,somesoft.006B973F
0087439D 90 NOP
0087439E 90 NOP

Limitations: it breaks all jumps and calls pointing inwards
________________________________________________________

4) Undo / Redo

Undo or Redo last operation (from one of the above functions)

________________________________________________________

5) Retrieve Jumpy function

This will statically parse instructions and follow all jumps. This is useful
for situations, when program jumps here and there and here and there... When
it encounters some instruction, that can't be followed, it stop and copies
all parsed instruction to an allocated place in memory.

Use settings to set some parameters:
Step over calls - if set, it will step over calls, otherwise it will follow them
Step over jccs - dtto, but for Jccs
Deobfuscate - it will deobfuscate instruction, when it encounters Jcc, RET,
JMP reg/exp, CALL reg/exp; useful for multi-branch

Example:

Original:
00874389 /EB 05 JMP SHORT somesoft.00874390
0087438B
Also listed in: Deobfuscation Tools, IDA Extensions, OllyDbg Extensions, Unpacking Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: eXeScope
Rating: 0.0 (0 votes)
Author: Toshifumi Yamamoto                        
Website: http://hp.vector.co.jp/authors/VA003525/Eindex.htm
Current version: 6.50
Last updated: March 23, 2004
Direct D/L link: Locally archived copy
License type: Shareware
Description: Do you want to customize an application? For example,

* to change font,
* to change menu,
* to change an arrangement of dialog,
* etc.,

But you think that it is impossible because you have not source files ?

eXeScope can analyze, display various information, and rewrite resources of executable files, that is, EXE, DLL, OCX, etc. without source files.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: PunchIt
Rating: 0.0 (0 votes)
Author: CondZero / ARTeam                        
Website: http://arteam.accessroot.com
Current version: 1.2
Last updated: January 18, 2011
Direct D/L link: http://www.accessroot.com/arteam/site/download.php?view.252
License type: Free
Description: It is a program useful to automatically inject into ANY application your sound and music. The music will be played in background when the program runs as before.

The tool comes with a comprehensive help file

Current Release: v1.2 January 2011

+ fix problem when extracting to temp
+ fix dialog repainting issue
+ all PECompact2 c2t*.tmp files (located in your temporary folder) are deleted if the compress option is chosen upon exiting the application
+ extract to temp and overwrite existing options now default
+ add ability to select a custom Icon (*.ico) file
+ latest build of Bass Audio module v2.4.6

Key features

Works with most windows 32 bit executable files (including packed / protected files) via a wrapper program, alternately called a Loader, a small piece of code and data attached to processed modules / music (files) that is responsible for extracting the application / music files and launching the application whilst playing the sound file.
Bass Audio module v2.4.6 (win32 version) capable of playing:
Streamable files:
*.wav;*.aif;*.mp3;*.mp2;*.mp1;*.ogg
MOD music files:
*.mo3;*.xm;*.mod;*.s3m;*.it;*.mtm;*.umx

PECompact2 v2.94.1 (Student build) compresses modules substantially better than that of the common compression software such as RAR and ZIP, and is more reliable in compressing certain types of packed / encrypted executable files than UPX. This is accomplished through advanced techniques of pre-processing a module to make it more compressible when passed to the compression algorithm.
Replaces the icon from either a custom Icon (*.ico) file or the source input executable file (if found) into the new output executable file.
Requires no programming knowledge to use.

Please test and report any probs. As can sometimes happen, if you choose a packed / protected
source executable, you may run into problems compressing and should choose the non compress
option. This is not a fault of the application, but a limitation imposed by compressor programs
such as PECompact2 (Student build) v1.94.1 (latest).
Also listed in: Code Injection Tools, GUI Manipulation Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: ResFixer
Rating: 0.0 (0 votes)
Author: seeQ                        
Website: N/A
Current version: 1.0 beta 1
Last updated: 2003
Direct D/L link: Locally archived copy
License type: Free/Public Domain
Description: ResFixer v 1.0 beta 1 by seeQ


1. Introduction
*****************
This program resolves a situation when you want to remove unnecessary code from dumped exe, which after unwrapping is no longer needed. ResFixer - is a resource rebuilder which tries to restore the resource section (.rsrc). As you know many protectors/packers move some of resources (Icon, Icon Group, Version inf) to it's own section. In this case you can't remove protectors/packers section(s) after dumping.


2. Usage
*****************
Method 1 - Completely copies resources section from an entrance file, then finishes gluing the displaced resources and corrects resource tree.
Method 2 - Tries completely reconstruct section on the basis of a tree.


3. Tip's
*****************
1. In programs written on Delphi watch for TLS (native place rdata).
2. Do not forget that resources in file should lay directly from beginning of unique section with name ".rsrc", because differently programs can crash under some build's Win9x and resource viewer's.
3. It is also possible to remove Reloc's from EXE.


4. Bugs
*******************
The program does not check if the file is unpacked.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Resourcer for .NET
Rating: 0.0 (0 votes)
Author: Lutz Roeder                        
Website: http://www.aisto.com/roeder/dotnet/
Current version: 1.0
Last updated:
Direct D/L link: N/A
License type: Free
Description: Resourcer is an editor for .resources binaries and .resX XML file formats used with the .NET platform. Resourcer allows editing of name/string pairs, import of bitmaps/icons and and merging of resources from different sources.
Also listed in: .NET Resource Editors
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: StringEditor
Rating: 0.0 (0 votes)
Author: VLaaD                        
Website: N/A
Current version: 1.0
Last updated: Back in 2005 (but still works!)
Direct D/L link: Locally archived copy
License type: Freeware for Free People
Description: String editor is UNICODE editor for binary string resources.
It is pretty straightforward to use it, so it doesn't have a help (if you press F1, God will help you!)

Besides normal side-by-side expected functionality, and capability of changing the string resource ID, you can also perform a string resource cleanup (messup occurs when buggers are frequently deleting the strings without repacking, so whole string blocks are consuming memory for nothing).

Small and works.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Stud_PE
Rating: 0.0 (0 votes)
Author: CGSoftLabs                        
Website: http://www.cgsoftlabs.ro/studpe.html
Current version: 2.6.0.5
Last updated: October 31, 2009
Direct D/L link: http://www.cgsoftlabs.ro/zip/Stud_PE.zip
License type: Freeware
Description: Stud_PE The Portable Executables Viewer/Editor (32/64 bit PE files)

Features:
* View/edit PE basic Header information (DOS also):
- Header structures to hexeditor;
* View/edit Section Table:
- Add new section;
* View/edit Directory Table:
- Import/Export Table viewer;
- Import adder;
- Resource viewer/editor (save/replace ico/cur/bmp);
PE Scanner (PEiD sig database):
- 400 packers/protectors/compilers;
* Task viewer/dumper/killer;
* PEHeader/Binary file compare;
* RVA to RAW to RVA;
* Drag'nDrop shell menu integration;
* Basic HexEditor;
* Process region dumper/viewer;
Also listed in: Import Editors, PE Executable Editors
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: VBReFormer
Rating: 0.0 (0 votes)
Author: Sylvain Bruyere                        
Website: http://www.decompiler-vb.net/
Current version: v6.2 Free Edition
Last updated: November 3, 2014
Direct D/L link: http://download.decompiler-vb.net/setup_free.exe
License type: Shareware
Description: VBReFormer Free Edition is a limited edition of VBReFormer Professional Edition, a powerful set of recovery tools for Visual Basic 5 & 6 application.

Decompiler, disassembler, and design editor at the same time, VBReFormer is a must-have tool for companies and professionals who work with version 5 & 6 of Visual Basic.

VBReFormer disassemble all functions and methods in forms, controls, classes, and modules of Visual Basic application and try to recover the most complete Visual Basic source code than possible (if compiled with the native code option).

Furthermore, thanks to its integrated decompilation engine, VBReFormer perfoms a native decompilation from Native code to Visual Basic code, in the fullest extent possible.

Note: VBReFormer is not able to disassemble P-Code applications at the moment.

VBReFormer recovers UI meta information and resources of Visual Basic 5 & 6 application (forms, usercontrols, designers, pictures, etc.) and extracts these information into a Visual Basic project.

Even better, the integrated design editor of VBReFormer succeeds where others resources editors fail with Visual Basic applications with its ability to edit UI design of Visual Basic applications in a simple and easy way with no limitation of size, and with no need to recompile the application, working directly on its binary.
Also listed in: Decompilers, Disassemblers, PE Executable Editors, Visual Basic Decompilers, Visual Basic Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: XN Resource Editor
Rating: 0.0 (0 votes)
Author:                         
Website: http://www.wilsonc.demon.co.uk/d10resourceeditor.htm
Current version: 3.0.0.1
Last updated: December 17, 2005
Direct D/L link: N/A
License type: Free / Open Source
Description: XN Resource Editor is a free, powerful, fully featured resource editor and PE module explorer for Windows 98, Windows 2000 and Windows XP.

XNResourceEditor works with all resource files (.RES) and PE modules (.EXE, .DLL, etc.) but it has special knowledge of modules written in Delphi. It can display all the modules that comprise a Delphi program, and let you edit the properties of the components used on Delphi forms.

And unusually XNResourceEditor can modify PE modules - even if you use Windows 98!

Most recent version supports XP Manifest, Accelerator table and .RC files.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)


RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.


Subcategories

There is one subcategory to this category.





Views
Category Navigation Tree
   Code Coverage Tools  (13)
   Code Ripping Tools  (2)
   Helper Tools  (3)
   Hex Editors  (13)
   Memory Patchers  (7)
   Packers  (19)
   Profiler Tools  (11)
   String Finders  (10)
   Tool Hiding Tools  (7)
   Tracers  (20)
   Needs New Category  (3)